GDPR INFORMATION CLAUSE

According to Art. 13 sec. 1-2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general regulation on data protection) (hereinafter “GDPR”), we would like to inform you that:

I. Personal data administrator

The administrator of your personal data is:

Zigler Polska Sp. Z o.o.

Ul. Braci Gutmanów 7

43-600 Jaworzno Poland

NIP: 6772294223

You can contact the personal data administrator regarding the protection of your personal data:

a) by traditional mail to the following address: Polska 43-600 Jaworzno, Braci Gutmanów 7

b) via email: rodo@zigler.pl

II. Purposes and legal bases of data processing.

1. The processing of your personal data takes place for purposes related to the conclusion, performance and service of the concluded agreement.

2. The legal basis for the processing of your personal data is:

2.1. if you are a contractor or a party to the agreement:

– Art. 6 sec. 1 letter b) GDPR, i.e. indispensability to perform the contract to which you are a party, or to take action at your request before concluding the agreement;

– Art. 6 sec. 1 letter c) GDPR, i.e. the legal obligation incumbent on the Administrator related to the keeping of accounting books and tax documentation, resulting from generally applicable provisions of law (including, but not limited to, the Accounting Act of 29.09.1994; the Tax Ordinance Act of 29.08.1997);

– Art. 6 sec. 1 letter f) GDPR, i.e. indispensability for purposes resulting from the legitimate interests of the Administrator, including, but not limited to, ensuring continuous and uninterrupted operation, internal administrative purposes (including service management), necessary settlements in connection with the concluded agreement, establishing, pursuing or defending claims and against claims;

2.2. if you are a natural person representing a legal person or an organizational unit that is a contractor or tht is taking steps before concluding an agreement, as well as an employee or associate of such a legal person or entity, participating in the conclusion or performance of the agreement – art. 6 sec. 1 letter f) GDPR, i.e. indispensability for purposes resulting from legitimate interests pursued by the Administrator, consisting in activities related to determining the terms of concluding an agreement with a contractor and facilitating communication related to the implementation thereof, as well as determining persons responsible for the implementation of and authorised to contacts as part of the agreement.

III. Recipients of personal data.

Personal data, as a rule, shall not be transferred to other entities, except for:

1. entities authorized to process the data on the basis of legal provisions, in particular public authorities;

2. entities supporting us in fulfilling our rights and obligations and in providing services, including those of accounting, HR, legal, archiving and destruction of documents, postal, courier, payment, marketing, personal and property protection services, service providers in the field of sales platforms, as well as IT system suppliers, providing assistance and technical support for IT systems wherein your data is processed.

IV. Period of personal data storage.

1. Your personal data shall be kept only for the period as deemed necessary to fulfill the purpose for which they are collected or for the period specified by law.

2. Once the purpose for which your personal data is collected has been fulfilled, it may be stored only for archival purposes, for a period to be determined on the basis of legal provisions.

V. Rights of data subjects, including access to personal data.

Under the terms of the GDPR regulations, you have the right to request the administrator to:

1. grant you access to your personal data,

2. have your personal data corrected (adjusted),

3. to delete your personal data (e.g. when the processing does not result from the legal obligation of the administrator or the establishment, exercise or defense of claims),

4. restrict the processing of your personal data,

5. transfer your personal data (if the processing is based on consent or contract),

In addition, you have the right to object to the processing of your data in connection with a special situation (this right is available, inter alia, when the administrator processes data for purposes resulting from his/her legitimate interests).

Therefore, we will not always be able to meet all your requests. The scope of the rights depends both on the legal prerequisites for data processing and often on the methods of data collection.

VI. The right to withdraw consent.

1. In relation to the non-obligatory personal data provided by you, you shall have the right to withdraw your consent at any time.

2. Withdrawal of your consent shall not affect the processing of your data until the consent is withdrawn.

VII. The right to lodge a complaint with the supervisory authority.

When you believe that the processing of your personal data violates the provisions on the protection of personal data, you have the right to lodge a complaint with the supervisory body, which is the President of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), based in Warsaw, at ul. Stawki 2, 00-193 Warsaw, Poland.

VIII. Information on the requirement/voluntary nature of providing data and the consequences of not providing personal data.

1. Your providing your personal data is a prerequisite for the conclusion and performance of the agreement and the fulfillment of the legal obligations incumbent on the Administrator.

2. Your providing your personal data is voluntary.

3. If such data is not provided, the administrator may refuse to perform the activities (performance of the agreement) covered by the consent.

IX. Automated decision making, profiling.

Your personal data may be processed in an automated manner, but it shall not lead to automated decision-making, including that the data will not be profiled.

If personal data has not been obtained directly from you and has been provided by other entities or persons – in accordance with art. 14 sec. 1 letter d) and sec. 2 letter f) GDPR, we also inform you that:

1. Data categories.

Depending on the circumstances of the case, we will process, among others, the following categories of your personal data: basic identification data (e.g. name and surname), contact details (e.g. telephone number, e-mail address), address data (address of the place of employment), other data related to employment (e.g. job position). The categories of data will be collected respecting the principle of adequacy, bearing in mind the purpose of handling the case and shall result primarily from the applicable legal provisions.

2. Source of personal data.

Your personal data will come from the contractor who provided the personal data of the contact representatives in the agreement or from publicly available sources (e.g. website).